From: pebenito@ieee.org (Chris PeBenito) Date: Tue, 14 Nov 2017 18:32:21 -0500 Subject: [refpolicy] [PATCH] Allow gtk apps to map usr_t files In-Reply-To: <20171114020336.28983-1-aranea@aixah.de> References: <20171114020336.28983-1-aranea@aixah.de> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/13/2017 09:03 PM, Luis Ressel via refpolicy wrote: > This is required to access gtk's icon cache. IIRC, past discussion on > the ML came to the conclusion that adding a new domain for this would be > overkill. > --- > blueman.te | 1 + > evolution.te | 1 + > gpg.te | 1 + > mozilla.te | 1 + > openoffice.te | 1 + > thunderbird.te | 1 + > wireshark.te | 1 + > wm.te | 1 + > 8 files changed, 8 insertions(+) > > diff --git a/blueman.te b/blueman.te > index 3a5032e..c00e3cc 100644 > --- a/blueman.te > +++ b/blueman.te > @@ -45,6 +45,7 @@ dev_rw_wireless(blueman_t) > domain_use_interactive_fds(blueman_t) > > files_list_tmp(blueman_t) > +files_map_usr_files(blueman_t) > files_read_usr_files(blueman_t) > > auth_use_nsswitch(blueman_t) > diff --git a/evolution.te b/evolution.te > index ed56f43..a9ffea3 100644 > --- a/evolution.te > +++ b/evolution.te > @@ -182,6 +182,7 @@ dev_read_urand(evolution_t) > > domain_dontaudit_read_all_domains_state(evolution_t) > > +files_map_usr_files(evolution_t) > files_read_usr_files(evolution_t) > > fs_dontaudit_getattr_xattr_fs(evolution_t) > diff --git a/gpg.te b/gpg.te > index d55eeaf..d860aeb 100644 > --- a/gpg.te > +++ b/gpg.te > @@ -338,6 +338,7 @@ dev_read_rand(gpg_pinentry_t) > > domain_use_interactive_fds(gpg_pinentry_t) > > +files_map_usr_files(gpg_pinentry_t) > files_read_usr_files(gpg_pinentry_t) > > fs_dontaudit_getattr_xattr_fs(gpg_pinentry_t) > diff --git a/mozilla.te b/mozilla.te > index 79e0cd4..5a58ee9 100644 > --- a/mozilla.te > +++ b/mozilla.te 
> @@ -170,6 +170,7 @@ dev_write_sound(mozilla_t) > domain_dontaudit_read_all_domains_state(mozilla_t) > > files_read_etc_runtime_files(mozilla_t) > +files_map_usr_files(mozilla_t) > files_read_usr_files(mozilla_t) > files_read_var_files(mozilla_t) > files_read_var_lib_files(mozilla_t) > diff --git a/openoffice.te b/openoffice.te > index 3c42014..eb10349 100644 > --- a/openoffice.te > +++ b/openoffice.te > @@ -80,6 +80,7 @@ files_getattr_all_dirs(ooffice_t) > files_getattr_all_files(ooffice_t) > files_getattr_all_symlinks(ooffice_t) > files_read_etc_files(ooffice_t) > +files_map_usr_files(ooffice_t) > files_read_usr_files(ooffice_t) > > fs_getattr_xattr_fs(ooffice_t) > diff --git a/thunderbird.te b/thunderbird.te > index 865de1d..70ff0f0 100644 > --- a/thunderbird.te > +++ b/thunderbird.te > @@ -86,6 +86,7 @@ dev_read_urand(thunderbird_t) > dev_dontaudit_search_sysfs(thunderbird_t) > > files_list_tmp(thunderbird_t) > +files_map_usr_files(thunderbird_t) > files_read_usr_files(thunderbird_t) > files_read_etc_runtime_files(thunderbird_t) > files_read_var_files(thunderbird_t) > diff --git a/wireshark.te b/wireshark.te > index a398fd7..ca4289f 100644 > --- a/wireshark.te > +++ b/wireshark.te > @@ -86,6 +86,7 @@ dev_read_rand(wireshark_t) > dev_read_sysfs(wireshark_t) > dev_read_urand(wireshark_t) > > +files_map_usr_files(wireshark_t) > files_read_usr_files(wireshark_t) > > fs_getattr_all_fs(wireshark_t) > diff --git a/wm.te b/wm.te > index b9c0498..e54f283 100644 > --- a/wm.te > +++ b/wm.te > @@ -56,6 +56,7 @@ dev_rw_wireless(wm_domain) > dev_write_sound(wm_domain) > > files_read_etc_runtime_files(wm_domain) > +files_map_usr_files(wm_domain) > files_read_usr_files(wm_domain) > > fs_getattr_all_fs(wm_domain) Merged. -- Chris PeBenito
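Review bot: In the blueman.te hunk, and on the identical added line in the other seven files, `files_map_usr_files(blueman_t)` has no comment saying why map access is needed, so the icon-cache rationale exists only in the commit message. A one-line comment above each call noting that it is for gtk's icon cache would keep the reason next to the rule and make the grant easy to find and revisit if the cache is ever given its own type.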
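Review bot: In the gpg.te hunk the new call is `files_map_usr_files(gpg_pinentry_t)`, so only the pinentry domain gains map on usr_t files, but the subject line's "gtk apps" and the diffstat entry for gpg.te do not make that obvious. Suggest naming gpg_pinentry_t in the commit message so a reader of the log does not assume gpg's other domains were widened as well.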
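Review bot: In the wm.te hunk, `files_map_usr_files(wm_domain)` is applied to wm_domain, the same shared attribute the surrounding dev_* and files_* calls use, so every window manager type carrying it gains map on usr_t files, not only gtk-based ones. The stated reason is gtk's icon cache, so it is worth confirming the broader grant is intended and saying so in the commit message.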